
A script to visually analyze email headers using country GeoIP


purvis:
I would think spammers would want to use a country that is not the same as the country receiving the spammed email.
Right now I was cheated out of over 500 dollars from a source in England.
Do you think the police or I am going to track that down?
It would cost too much.
Do countries make laws to safeguard other countries, or even care much?
I do not think so.

These are reasons I don't trust emails coming from outside one's country.
I am sure, as global as the world's economy has gotten, there is a need. But not all is global when it comes to business.

Stefano:
purvis, let me say you have a strange idea of spammers :-)

spammers use many ways to send spam..

feel free to do what you prefer/want, but using GeoIP to fight spam at SMTP level is not a smart idea.. you should instead use it with SpamAssassin..

my 2€c

hawkinstw:
According to av-test.org, the USA is currently actually the biggest source of spam at 14.9%, followed by Argentina at 6.4%. China is way down at number 6 with 4%.

http://www.av-test.org/en/statistics/spam/

purvis:
The above script needs a slight change.
In the script, I did not want to do a GeoIP lookup of a computer behind a NAT device.
I had forgotten about self-assigned IP address ranges. I did see a received email that originated on a computer with
a self-assigned IP address that came from a .edu domain.
This altered line of code should cause a self-assigned IP address to NOT be looked up.

My intention is not to look up any private network IP addresses.
http://en.wikipedia.org/wiki/Private_network

Remove this code in the above script:

--- Code: ---
tempcount=$(echo "-$item" | grep -c  "\-127.0.0.1\|\-192.168.\|\-10.\|\-169.254.")
if [ "$tempcount" -gt 0 ];then continue;fi
tempcount=$(echo "-$item" | grep -c  "\-172.")
if [ "$tempcount" -gt 0 ];then
    tempcount=$(echo "-$item" | grep -c  "\-172.16.\|\-172.17.\|\-172.18.\|\-172.19.\|\-172.20.\|\-172.21.\|\-172.22.\|\-172.23.\|\-172.24.\|\-172.25.\|\-172.26.\|\-172.27.\|\-172.28.\|\-172.29.\|\-172.30.\|\-172.31.")
    if [ "$tempcount" -gt 0 ];then continue;fi
fi
--- End code ---

and replace it with this code:

--- Code: ---
tempcount=$(echo "-$item" | LC_ALL=C grep -c  "\-127\.0\.0\.1\|\-192\.168\.\|\-10\.\|\-169\.254\.")
if [ $tempcount -gt 0 ];then continue;fi
tempcount=$(echo "-$item" |LC_ALL=C grep -c  "\-172\.1[6-9]\.\|\-172\.2[0-9]\.\|\-172\.3[0-1]\.")
if [ $tempcount -gt 0 ];then continue;fi
--- End code ---

CharlieBrady:
You have left 172.16.a.b through 172.31.x.y from your list.  See RFC1918.
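
Added example, not part of any post in this thread or of the script under discussion: the same skip-before-lookup check done by comparing octets numerically instead of matching text with grep, so that an address like 110.1.2.3 cannot be mistaken for 10.x and the whole 172.16.0.0/12 block is covered by one range test. The function names `is_non_routable` and `public_ips` and the sample headers are constructed for illustration, and the check treats all of 127.0.0.0/8 as loopback, which goes beyond the single 127.0.0.1 the thread's script matches.

```shell
#!/bin/sh
# Hypothetical helpers (not from the thread's script). Helper variables are global
# because POSIX sh has no "local".

# is_non_routable IPV4
#   returns 0: loopback (127/8), RFC 1918 private, or link-local (169.254/16)
#   returns 1: anything else (candidate for a GeoIP lookup)
#   returns 2: not a valid dotted quad
is_non_routable() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|'') return 2 ;;   # only digits and single dots allowed
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split into octets; input is digits/dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 2
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 2
    done
    a=$1; b=$2
    if [ "$a" -eq 10 ] || [ "$a" -eq 127 ]; then return 0; fi
    if [ "$a" -eq 172 ] && [ "$b" -ge 16 ] && [ "$b" -le 31 ]; then return 0; fi
    if [ "$a" -eq 192 ] && [ "$b" -eq 168 ]; then return 0; fi
    if [ "$a" -eq 169 ] && [ "$b" -eq 254 ]; then return 0; fi
    return 1
}

# public_ips: read mail headers on stdin, print each bracketed IPv4 address
# that is valid and not in one of the skipped ranges.
public_ips() {
    grep -oE '\[[0-9]{1,3}(\.[0-9]{1,3}){3}\]' | tr -d '[]' |
    while read -r ip; do
        rc=0
        is_non_routable "$ip" || rc=$?
        if [ "$rc" -eq 1 ]; then printf '%s\n' "$ip"; fi
    done
}

# Constructed sample Received: lines (documentation hostnames and addresses).
SAMPLE_HEADERS='Received: from mx.example.net (mx.example.net [203.0.113.25]) by mail.example.org
Received: from relay.example.edu (unknown [172.20.4.9]) by mx.example.net
Received: from laptop (unknown [169.254.13.7]) by relay.example.edu
Received: from gw (gw.local [192.168.1.1]) by relay.example.edu'

printf '%s\n' "$SAMPLE_HEADERS" | public_ips
```
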
